Opinions are like a%$*oles, everyone has them and they're usually full of &amp;*it! Argue with our Opinion writers or add your own. Who knows... a great opinion post could land you a featured opinion article!

I'm currently in talks with a publisher to co-author a book on OSSEC (http://www.ossec.net) with Daniel Cid, the founder and lead developer of the project.

What the publisher has asked me for is some quotes/endorsements on why a book on this product is needed and/or why I am the right person to write a book on this topic.

I'd appreciate help from the community on this and if you'd be willing to be quoted on why a book is needed on this program and/or provide an endorsement of yours truly then please post it here or if you'd rather let me know directly then please email me at andrewsmhay@gmail.com.

As mentioned by Boney, to reach the mass people, a well written book is always the best option.

Answering the questions projected by the publisher:

Why a book is needed on this subject?Currently no book is available in the market on the subject and as we all are aware, the average techie guys prefer books than documentation.

Why you are the right person for this book?Quite simple - just go through your profile - you have contributed a lot to the information security field. An active member of many security movements with multiple certifications and rich experience obviously makes you the right candidate for this subject.

Wishing you all the best for the project. Also looking forward for more contributions from you on OSSEC to EH-Net.

I don't know if it will help, but feel free to use anything in my article http://www.ethicalhacker.net/content/view/154/24/ I think the point you should emphasize is that SourceFire has cornered the market, and for the sake of open source OSSEC should do everything it can to get known.

If you took a survey, I bet a lot of people have never heard of OSSEC, but they have probably heard of snort. OSSEC is the future, most people just aren't aware of it.

Also as a suggestion, it would be great if you could include a dvd with a vid of installations and advanced techniques, some people learn best by watching then emulating...fwiw

This thread has inspired me to take a look at OSSEC and it looks promising. Getting a book out soon might make it to the market as the first on this subject. I've not had a chance to test OSSEC much yet over and above doing the installation, but I especially like the client/server approach. Too many desktop products require big money to have a centralised, managed reporting solution.